// SPDX-License-Identifier: GPL-2.0-only
/* Copyright (c) 2017 Facebook
*/
# include <stdio.h>
# include <stdlib.h>
# include <string.h>
# include <errno.h>
# include <assert.h>
# include <sys/time.h>
# include <linux/bpf.h>
# include <bpf/bpf.h>
# include <bpf/libbpf.h>
# include "cgroup_helpers.h"
# include "bpf_rlimit.h"
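/*
 * Compiled BPF device-cgroup program handed to bpf_prog_load(); the path is
 * relative to the working directory. The spaces that had crept in around
 * the path separators are removed so the name resolves to a real file.
 */
#define DEV_CGROUP_PROG "./dev_cgroup.o"
/* Cgroup path handed to cgroup_setup_and_join() for the duration of the test. */
#define TEST_CGROUP "/test-bpf-based-device-cgroup/"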
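/*
 * Run a shell command and compare its outcome with what the device policy
 * is expected to allow.
 *
 * @param cmd             command line passed to system()
 * @param should_succeed  non-zero if the command must exit with status 0,
 *                        zero if it must be refused (any non-zero status)
 * @return 0 when the outcome matches the expectation, -1 otherwise
 *
 * A system() return of -1 means the command could not be started at all;
 * that is reported as a failure for both expectations, so a spawn failure
 * cannot be mistaken for "access denied".
 */
static int expect_cmd(const char *cmd, int should_succeed)
{
	int rc = system(cmd);

	if (rc == -1) {
		printf("Failed to run '%s': %s\n", cmd, strerror(errno));
		return -1;
	}
	if ((rc == 0) != (should_succeed != 0)) {
		printf("'%s' was expected to %s, system() returned %d\n",
		       cmd, should_succeed ? "succeed" : "fail", rc);
		return -1;
	}
	return 0;
}

/*
 * Load the device-cgroup BPF program, attach it to a freshly joined test
 * cgroup and check that the resulting device policy is enforced.
 *
 * Returns 0 and prints "test_dev_cgroup:PASS" when every check matches,
 * EXIT_FAILURE otherwise. argc and argv are unused.
 *
 * The checks no longer rely on assert(): with NDEBUG defined the commands
 * would not run at all, and an abort() skipped cleanup_cgroup_environment().
 */
int main(int argc, char **argv)
{
	/*
	 * All operations with /dev/zero and /dev/urandom are allowed,
	 * everything else is forbidden.
	 *
	 * The "must fail" entries accept any non-zero status, including a
	 * shell-level failure; the "must succeed" entries use the same tools
	 * (mknod, dd, rm), so a missing tool fails the test rather than
	 * passing as a denial.
	 */
	static const struct {
		const char *cmd;
		int should_succeed;
	} checks[] = {
		/* char device 1:3 (/dev/null) is not allowed: mknod must fail */
		{ "rm -f /tmp/test_dev_cgroup_null", 1 },
		{ "mknod /tmp/test_dev_cgroup_null c 1 3", 0 },
		{ "rm -f /tmp/test_dev_cgroup_null", 1 },
		/* /dev/zero (1:5) is whitelisted */
		{ "rm -f /tmp/test_dev_cgroup_zero", 1 },
		{ "mknod /tmp/test_dev_cgroup_zero c 1 5", 1 },
		{ "rm -f /tmp/test_dev_cgroup_zero", 1 },
		{ "dd if=/dev/urandom of=/dev/zero count=64", 1 },
		/* src is allowed, target is forbidden */
		{ "dd if=/dev/urandom of=/dev/full count=64", 0 },
		/* src is forbidden, target is allowed */
		{ "dd if=/dev/random of=/dev/zero count=64", 0 },
	};
	struct bpf_object *obj;
	int error = EXIT_FAILURE;
	int prog_fd, cgroup_fd;
	__u32 prog_cnt;
	size_t i;

	if (bpf_prog_load(DEV_CGROUP_PROG, BPF_PROG_TYPE_CGROUP_DEVICE,
			  &obj, &prog_fd)) {
		printf("Failed to load DEV_CGROUP program\n");
		goto out;
	}

	cgroup_fd = cgroup_setup_and_join(TEST_CGROUP);
	if (cgroup_fd < 0) {
		printf("Failed to create test cgroup\n");
		goto out;
	}

	/* Attach bpf program */
	if (bpf_prog_attach(prog_fd, cgroup_fd, BPF_CGROUP_DEVICE, 0)) {
		/* newline added so the message is not glued to later output */
		printf("Failed to attach DEV_CGROUP program\n");
		goto err;
	}

	/*
	 * NOTE(review): prog_cnt is filled in but never compared; only the
	 * success of the query is checked. Consider verifying the count of
	 * attached programs as well.
	 */
	if (bpf_prog_query(cgroup_fd, BPF_CGROUP_DEVICE, 0, NULL, NULL,
			   &prog_cnt)) {
		printf("Failed to query attached programs\n");
		goto err;
	}

	for (i = 0; i < sizeof(checks) / sizeof(checks[0]); i++) {
		if (expect_cmd(checks[i].cmd, checks[i].should_succeed))
			goto err;
	}

	error = 0;
	printf("test_dev_cgroup:PASS\n");

err:
	cleanup_cgroup_environment();

out:
	return error;
}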